Sony-BMG Music Entertainment's use of spyware techniques for copyright protection is only the latest example of a trend that will likely promote a "consumer backlash," industry experts have warned.
According to a new advisory from Gartner, Sony-BMG's decision to install anti-piracy rootkit software on some music CDs that cloaks its presence and alters the functioning of the user's machine could lead to music fans boycotting the firm.
"In the name of protecting intellectual property, Sony has essentially borrowed a technique used by hackers and spyware/adware distributors. The software in question was designed to limit the user's flexibility in consuming the CD's content, but could have other effects on the user's computer, including creating possible security vulnerabilities and transferring some information back to Sony," the report authored by Gartner analysts Ray Wagner, Mike McGuire, Jay Heiser and Peter Firstbrook noted.
Many of the techniques Sony has used in connection with this software "meet both formal and informal definitions of spyware," Gartner claimed. These techniques include stealth download, information buried in the end-user licensing agreement, hidden files and processes, a missing uninstall utility, system or personal information being sent to a web server without notification or consent and email information required in return for an uninstall utility.
"Gartner believes that the use of spyware techniques, however benign in purpose, constitutes bad business practice and should be discouraged. Any attempt to sneak software onto a customer's computer or gather any information without consent is unacceptable," the analyst firm stated.
Although Sony has now issued a patch that "decloaks" the software, the process for completely removing the software from the user's computer is complex, requires the user to interact with Sony and is not included with the CD, Gartner observed.
Just as they had to develop formal privacy and spam guidelines, software developers must now familiarize now themselves with the criteria by which spyware is defined, Gartner advised. The analyst firm went on to recommend that providers and vendors use proper coding and consent practices or risk losing customer loyalty and jeopardizing their brands.